package cn.yqx.bankshop.oauth2.config;


import cn.yqx.bankshop.oauth2.service.impl.CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import javax.sql.DataSource;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private TokenStore TokenStore ;
    @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter ;
    //刷新令牌的时候使用
    @Autowired
    CustomUserDetailsService userDetailsService ;

    //自定义一个错误返回
    @Autowired
    private WebResponseExceptionTranslator customWebResponseExceptionTranslator;
    @Bean
    public ClientDetailsService jdbcClientDetailsService() {
        return new JdbcClientDetailsService(dataSource);
    }

    /**
     * 配置客戶端
     * @param clients
     * @throws Exception
     */
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(jdbcClientDetailsService());
    }

    /**
     * 关于认证服务器端点配置
     * @param endpoints
     * @throws Exception
     */
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        //password 要这个 AuthenticationManager 实例
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
        //自定义登录错误格式
        endpoints.exceptionTranslator(customWebResponseExceptionTranslator);
        // 加载token仓库
        endpoints.tokenStore(TokenStore).accessTokenConverter(jwtAccessTokenConverter) ; //jwt令牌

    }

    /**
     * 令牌端点的配置
     * @param security
     * @throws Exception
     */

    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        //所有的人可以访问
        security.tokenKeyAccess("permitAll()");
       //验证成功的时候可以访问
        security.checkTokenAccess("permitAll()") ;

        security.allowFormAuthenticationForClients();

    }

}
